/*
 * Copyright (C) 2006 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.sina.http;

import java.security.cert.X509Certificate;

import android.net.http.SslCertificate;

/**
 * One or more individual SSL errors and the associated SSL certificate
 * 
 * {@hide}
 */
public class SslError {

	/**
	 * Individual SSL errors (in the order from the least to the most severe):
	 */

	/**
	 * The certificate is not yet valid
	 */
	public static final int SSL_NOTYETVALID = 0;
	/**
	 * The certificate has expired
	 */
	public static final int SSL_EXPIRED = 1;
	/**
	 * Hostname mismatch
	 */
	public static final int SSL_IDMISMATCH = 2;
	/**
	 * The certificate authority is not trusted
	 */
	public static final int SSL_UNTRUSTED = 3;

	/**
	 * The number of different SSL errors (update if you add a new SSL error!!!)
	 */
	public static final int SSL_MAX_ERROR = 4;

	/**
	 * The SSL error set bitfield (each individual error is an bit index;
	 * multiple individual errors can be OR-ed)
	 */
	int mErrors;

	/**
	 * The SSL certificate associated with the error set
	 */
	SslCertificate mCertificate;

	/**
	 * Creates a new SSL error set object
	 * 
	 * @param error
	 *            The SSL error
	 * @param certificate
	 *            The associated SSL certificate
	 */
	public SslError(int error, SslCertificate certificate) {
		addError(error);
		mCertificate = certificate;
	}

	/**
	 * Creates a new SSL error set object
	 * 
	 * @param error
	 *            The SSL error
	 * @param certificate
	 *            The associated SSL certificate
	 */
	public SslError(int error, X509Certificate certificate) {
		addError(error);
		mCertificate = new SslCertificate(certificate);
	}

	/**
	 * @return The SSL certificate associated with the error set
	 */
	public SslCertificate getCertificate() {
		return mCertificate;
	}

	/**
	 * Adds the SSL error to the error set
	 * 
	 * @param error
	 *            The SSL error to add
	 * @return True iff the error being added is a known SSL error
	 */
	public boolean addError(int error) {
		boolean rval = (0 <= error && error < SslError.SSL_MAX_ERROR);
		if (rval) {
			mErrors |= (0x1 << error);
		}

		return rval;
	}

	/**
	 * @param error
	 *            The SSL error to check
	 * @return True iff the set includes the error
	 */
	public boolean hasError(int error) {
		boolean rval = (0 <= error && error < SslError.SSL_MAX_ERROR);
		if (rval) {
			rval = ((mErrors & (0x1 << error)) != 0);
		}

		return rval;
	}

	/**
	 * @return The primary, most severe, SSL error in the set
	 */
	public int getPrimaryError() {
		if (mErrors != 0) {
			// go from the most to the least severe errors
			for (int error = SslError.SSL_MAX_ERROR - 1; error >= 0; --error) {
				if ((mErrors & (0x1 << error)) != 0) {
					return error;
				}
			}
		}

		return 0;
	}

	/**
	 * @return A String representation of this SSL error object (used mostly for
	 *         debugging).
	 */
	public String toString() {
		return "primary error: " + getPrimaryError() + " certificate: " + getCertificate();
	}
}
